Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

In early February, CISA warned of attacks on FreePBX instances. Currently, hundreds of compromised installations are online.

The author is assistant chief engineer of Radio One Dallas. For years, Radio One Dallas had a Nortel phone system that seemingly required a service call for anything beyond switching out a handset ...

LONDON--(BUSINESS WIRE)--UK company Threads Software Ltd today announces the release of its call transcription module for the FreePBX, a cloud-based telephone system. Built around the open-source ...

Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. Sangoma is a voice over IP hardware and software provider known for the popular ...

Due to ongoing attacks, administrators of telephony and VoIP systems with FreePBX-GUI should secure their systems with an interim solution. A post by a team member in the FreePBX forum indicates that ...

The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.